It occurred to me the other day that the difficult problem of electronic voting could possibly be solved quite nicely using a bitcoin system. I believe it's transparent enough to be trusted. I found a few threads discussing this already.

Has any work been done in this area yet? I think it's worth investigating.

Why are you asking if anyone has attempted and then stating that you have already read the threads about it? Also, if you are going to reference other threads, you should link to them.
– osmosisOct 14 '11 at 10:11

1

Please add reference links, many of us dont know what you already know (also help educate us on the topic / proposal)
– MaxSanOct 14 '11 at 10:23

1

@osmosis the threads don't talk about projects, they talk about the ideas. I'm also not sure if I have read everything on the internet yet but I suspect not. I will link what I have seen
– barrymacOct 14 '11 at 12:33

The pair have used their method, known as CommitCoin, to close a
loophole in a voting system they helped develop. In the Scantegrity
system, voters receive a confirmation code from the list that is
cryptographically linked to their selected candidate and can be used
to check on the election website that their vote is counted.

I've edited your answer to include a bit of detail and information. As a general guideline, answering questions with only a link is a bad idea: not only does it look like spam but if the page you link to goes down, your answer has lost 100% of relevant information. Thanks for participating, though, and welcome to the Bitcoin StackExchange!
– David PerryJan 20 '12 at 22:20

Excellent, this is an interesting development!
– barrymacJan 22 '12 at 19:12

The bitcoin concept has no method to limit anything to a single entity. I am one person yet on bitcon network I have multiple addresses, I have multiple wallets which contain multiple addresses, I make up multiple nodes, I have multiple rigs with multiple GPU each, I use multiple IP addresses.

Everything about the bitcon network was designed to allow such a scenario to take place. evoting requires multiple concepts which are incompatible with current bitcoin network

Unhandled, I agree with the main point of your post -- that bitcoin does not address the hard parts of evoting. However, I think (1) and (2) are really the hard ones, and bitcoin can solve (3) and (4), which are the easy ones. I have to split this across two comments because it's too long...
– eldentyrellOct 14 '11 at 17:17

1

Assuming you've solved (1) and (2), you have a list containing one bitcoin public key per voter but no way of correlating addresses with identities. Now, publish two invalid bitcoin receiving addresses and ask each voter to send a satoshi (smallest fraction of a bitcoin) to one address or the other (thereby destroying the satoshi) in order to express their vote. The earliest transaction in the blockchain from each voter's address is their vote. This ensures one vote per address (3), and is public/verifiable/immutable (4).
– eldentyrellOct 14 '11 at 17:17

4

I think the real difficulty is that (1) and (2) are nearly paradoxical. It might be possible, for example, to use some kind of GUID for each voter (say SSN here in the US) and deterministically generate a keypair from that GUID, but then anyone with the GUID and algorithm can de-anonymize that person's vote. Any method resilient against (2) would seem to violate (1) and vice versa.
– David PerryOct 14 '11 at 18:18

@DavidPerry. That is the paradox. There are some methods but they have compromises. For example say you had a national smart card ID. Voter could login to voting website using national ID to receive a "ballot key". The website wouldn't maintain any records of which key is givent to which voter it would just ensure each voter is given only one key. Then on election day voter would use different site (or kiosk, or onsite voting terminal) to cast the ballot signing it w/ their ballot key. The key would allow ballots to be verified as unique and valid but not who cast them.
– DeathAndTaxesOct 14 '11 at 18:46

4

@theUnhandledException: it would also add centralization into the system at some point. I'd imagine some fair portion of the reason for using Bitcoin as a voting system would be to avoid centralization. Alternately, we may not have to control the addresses so much as the currency itself. If we used a closed-system built on the Bitcoin protocol (Votecoin?) then the coins themselves represent votes, so who cares how many addresses one generates so long as each person is given only one coin to spend.
– David PerryOct 14 '11 at 18:52

I think it could technically be solved using a cryptocurrency system like Bitcoin, but not the existing Bitcoin as it stands. It would need some adjustments to the clients and the rules of the blockchain.

If you think about how paper voting works (at least here in Canada), it goes like this:

You present yourself with ID and are checked against the voters list for proof of eligibility.

Your blank ballot is torn from the stub. Nothing identifies your ballot to the stub number.

You have one ballot that goes in the box.

The officers keep the stubs to verify that the number of ballots in the box is valid.

Now, online:

The first question is identity. This could be established beforehand via user login/password, or some offline validation process if necessary. Either way, the result is, if you're identified and eligible to vote, you provide your digital address and the election office's account transfers 1 Votecoin to you.

The second question is anonymity. The Votecoin you received is identifiable to you and acts as the "stub". Anonymization would need to happen by random exchange of Votecoins with peers to launder the Votecoins to new, anonymous addresses. A few rounds of exchange could take place so even the peers you exchange with have no way to identify you.

You then have 1 anonymous Votecoin to spend to the ballot box address. The record shows only that you were given a balance of 1 vote. Who ended up spending that particular Votecoin can't be known.

For this to work fairly, the blockchain would need to process only net-zero transactions so you always have 1 Votecoin after every anonymization and nobody can steal your vote. The clients could use P2P discovery to handle the anonymization automatically.

This problem becomes alot simpler, and does lend itself to a bitcoin framework, if you realize one thing. your point (2) that requires anonymity is actually useless. voting does not require anonymity. it is an arbitrary requirement that has created a security theatre, albeit one for encouraging more people to participate.

we live in the 21st century. if one can not stand by their vote, i question their motives. fear lynching? i highly doubt that will be possible with online voting.

eliminate the anonymity and you have yourself a very solvable problem. 2012 is coming, AND I WILL BE VOTING FOR RON PAUL, one way or another...

Although I agree with you I think it's like collecting survey statistics, people are likely to be more honest if they feel that their opinion is private. Especially for extremely emotive things such as politics. Family have split due to political differences
– barrymacOct 18 '11 at 9:31

I don't have a clean solution but have put a fair amount of thought into this question, which I'll try and summarize here.

The term "Bitcoin-based" could have different meanings. It could mean (1) using Bitcoin exclusively, (2) using Bitcoin as black box to provide some functionality to augment some other voting protocol, or (liberally) (3) using the same cryptographic toolset as Bitcoin without using Bitcoin itself explicitly. I'll deal with the cases in order (3), (1), and (2).

Using Bitcoin's Toolset

Let me start with (3): using the Bitcoin toolbox. There is a lot of promise to the idea of applying cryptography to voting. In fact, there is a large shared history between digital cash and cryptographic voting, including the origins of both in cryptographer David Chaum and many shared primitives developed over the past few decades. This is the most promising in my opinion but also the least interesting to Bitcoin enthusiasts, so I won't say much more about it here. I do try to summarize the current state of cryptographic voting over on Security.SE.

Using (Almost) Exclusively Bitcoin

In terms of (1), as most of the answers so far point out, governmental voting requires some control over identity to ensure that only eligible voters vote and that they only vote once. This needs to be held in contrast with the right to a secret ballot.

It would be possible for the government to maintain a roster of voters with each eligible voter's name, accompanied by an encryption of their Bitcoin public key. Each candidate could set up an account and you could vote by moving a specified amount to the candidate (if the candidates are trustworthy, they can immediately return the money to you). When the election is over, the blockchain is parsed to count the unique addresses sending money to each of the candidates.

To make sure voters are eligible takes a little work (done outside of Bitcoin): the encrypted public keys from the roster are cryptographically shuffled (this anonymizes the list so you lose track of which encrypted key corresponds to which registered voter). The accounts who cast votes are encrypted (along with their choice of candidate) and also cryptographically shuffled. The election authority can then compare the encrypted signing key of each registered voter with the encrypted singing key of each voter who submitted a vote. This is done under encryption (using a "plaintext equality test"). Only when there is a match between the two lists is the vote actually counted. For each step, the EA publishes a publicly verifiable proof demonstrating it is done correctly.

If a voter is coerced or wants to sell their vote (while not actually selling it), they just make up a new bitcoin account and vote from it, knowing the vote will be discarded because it is not the account they registered (and no one can tell, because the account they registered is under encryption, and votes are only checked for registration after shuffling/anonymization).

This all is a fairly direct translation of an existing system, JCJ / Civitas, to Bitcoin.

Using Bitcoin as a Primitive

In the above example, we didn't use Bitcoin exclusively but it still featured fairly prominently. We could instead use a smaller piece of what Bitcoin provides. For example, the blockchain is an excellent append-only broadcast channel with timestamping and "carbon-dating." Many cryptographic voting systems (nearly all of them) use a primitive like this which is typically called a "bulletin board."

A bulletin board is a place to post encrypted values and proofs that encrypted values are processed in the correct way to produce the tally.

The idea of CommitCoin (mentioned in another answer; disclaimer: I'm an inventor of it) is to use Bitcoin to provide a bulletin board service. The heavy lifting is done by the Scantegrity cryptographic voting system.